Intel Celeron J6413 Powered 6x i226 2.5GbE Fanless Firewall Review


Intel Celeron J6413 Performance

As the main product competing with the Intel Celeron J6413 is the Celeron N5015, we focused on comparing the two during these benchmarks. Also, take note of the previous generation, the J4125.

Intel Celeron J6413 Lscpu Output
Intel Celeron J6413 Lscpu Output

The N5105 comparison will be less exciting, but the J4125 comparison will show a nice gain.

Python Linux 4.4.2 Kernel Compile Benchmark

This is one of the most requested benchmarks for STH over the past few years. The task was simple, we have a standard configuration file, the Linux 4.4.2 kernel from, and make the standard auto-generated configuration utilizing every thread in the system. We are expressing results in terms of compiles per hour to make the results easier to read:

Intel Celeron J6413 Linux Kernel Compile Benchmark
Intel Celeron J6413 Linux Kernel Compile Benchmark

Here we see the J6413 performing slightly under the N5105. These chips are still very close.

7-zip Compression Performance

7-zip is a widely used compression/ decompression program that works cross-platform. We started using the program during our early days with Windows testing. It is now part of Linux-Bench.

Intel Celeron J6413 7zip Compression Benchmark
Intel Celeron J6413 7zip Compression Benchmark

These results echo the results from the last test, where the J6413 falls slightly behind the competing N5105.

OpenSSL Performance

OpenSSL is widely used to secure communications between servers. This is an important protocol in many server stacks. We first look at our sign tests:

Intel Celeron J6413 OpenSSL Sign Benchmark
Intel Celeron J6413 OpenSSL Sign Benchmark

Here are the verify results:

Intel Celeron J6413 OpenSSL Verify Benchmark
Intel Celeron J6413 OpenSSL Verify Benchmark

Overall, the J6413 is quite close in performance to the competing N5105, but is quite a great step above the previous generation in the J4125. We would probably still pick a N5105 unit given a choice.

The Intel Celeron N5105 has the 4MB of L3 cache, so that feels like it is the better option. Still, the J6413 is plenty fast enough to put 2.5Gbps of NAT traffic between ports as we have seen from this CPU performance class.

Next, let us get to power consumption.


  1. Ok so please don’t hate. This is an honest question which I posted on Redditt and I did get feedback but I am starting to see so many units in use by STH so I have to ask those of you here on your experience. I am not looking for controversy. I am not paranoid. I am trying to be as safe as possible. I am leaning towards protectli units with core boot. The ali express units seems way cheaper but, would I be opening myself up to something bad? I can’t verify the BIOS (as far as I know) and that is what I am most concerned about. I would load pfsense on it from scratch but my weakest link would be the BIOS. Anyone have experience on it? ran packet capture on the WAN side of the low-cost Ali Express boxes? Your help is appreciated.

  2. @Charlie: I wouldn’t trust the site. These look like knock-offs from the actual protectli (near identical) there’s no telling the quality of components or failure rate. If you don’t have a large (less than 30) network I’d go with a Vilfo otherwise if you’d like to future proof it’s expensive (but with many options that are VERY~ customizable), I’d go the protectli route. Happy New Year

  3. Also if you’ve got the space, consider the Dell small form factor machines. There are plenty around second hand after having had an easy life in an office. I put a 100G PCIe x16 card in an Optiplex 7040 SFF to see what it could do, and it reached just over 60 Gbps with pretty much 100% CPU use (across all cores). Given how cheap multi-port 10G cards are now, I’m thinking an old Dell with a few 10G links is a better option than these multi-port 2.5G units of unknown origin and questionable longevity. Dell might not be very exciting but they are pretty robust.

    Of course it won’t alleviate your spying concerns, but I’d rather have the Americans spying on me than some other governments…

  4. How are you not getting a kernel panic on IGC with OpenWRT??? Pass some traffic and pull the cable, share what happens.

  5. Does anyone know why this unit would have gone with mSATA rather than m.2 with the typical keying for SATA(B and M, I think)?

    I can see why you’d go with SATA in the context, the Celerons are relatively PCIe starved and this design is one where I/O means networking rather than storage, aside from boot and maybe some light logging; but at this point getting mSATA drives is markedly more irksome than getting SATA m.2 drives.

    Prevents user confusion? mSATA connectors/drives still cheaper in aliexpress world?

  6. @malvineous: I obviously wouldn’t bet against an adversary who owns the firmware; between everything UEFI can do and everything SMM can do there’s plenty of room for concern; but using expansion card NICs might incidentally provide some protection. It’s typical though not universal for a board’s UEFI to include drivers for onboard NICs(at least enough to do PXE and HTTP/HTTPS boot on the low end, iSCSI for nicer NICs; sometimes a standalone firmware update feature) plus, at least in business stuff, a few external NICs(vendor’s particular blessed USB dongle, dock NICs, etc.); but they rarely include much general-purpose support; so the odds of the firmware being able to do sneaky network stuff behind your back go down significantly if you are using expansion NICs based on a totally different chipset(and even class of chipsets) than the ones on the motherboard.

    I certainly wouldn’t use that as a security feature, since it’s not; but the odds that some random desktop motherboard has firmware support to interact with any 100GbE chipset are way, way, lower than the odds that it can chatter merrily away on an i219 or some realtek thing

  7. We’ve got like 50+ of the various versions including 2 of these now that we’ve installed. We used to be a protectli shop.

    We haven’t seen any strange packets from these letting them sit and just sniffing.

    In terms of quality, some of the protectli units we’ve had are almost just like these. The newer coreboot is nice. I’m thinking that protectli used to just oem units like these

    We’ve switched because these are so much cheaper that we can buy spares. These are cheaper than the 6 port 1G Celerons by more than half so you get 3 of these for 2 of the celeron protectli’s and they’re faster.

  8. @fuzzyfuzzyfungus

    I’d imagine that mSATA drives are indeed less expensive for the sellers. The relative scarcity of lanes on these CPUs is also likely to be a factor. While mSATA drives of decent brands are getting kind of scarce in the US, I’m sure there are still tons of little unknown-brand ones floating around in Huaqiangbei market.

    It’s also possible that small mSATA drives tend to produce less heat than NVMe drives can. That could well be a factor in a small fanless box like these. I also don’t know that an NVMe drive would even add anything over an mSATA drive in terms of performance for this class of box. The larger capacities of NVMe drives may also not be that useful for the average customer of these.

  9. I have one of those unit and I am pretty happy with it. My first home server experience, so still learning, but really positive so far.
    Do you know if the mini PCI-E port could be used to connect a mini PCI-E to SATA RAID controller? I would like to expand storage in this way and use it as a NAS.

  10. Also, there is a 3-pin fan socket on the other side of the board which can be accessed from on of the sides. Is in a pretty weird and uncomfortable position and the board needs to be removed in order to access it… but is there! 🙂

  11. I am so out of the game. But are these celerons better now? I remember the old celerons, Atoms from Intel were pure trash performance wise, and other issues.

  12. As for the paranoid people, if you look at the protectli FW4C then it’s basically the same model, just with a slightly better CPU. They probably are made by the same production company as where the protectli comes from.

    I as an European is also slightly hesitant by US made products as I do not know if one of the US agencies have “requested” a backdoor into their products.

    This is an intersting box.

  13. I bought this one when trying to find a N5105 with a good price including SSD and Ram the price is not very different from the latest J6413


  14. I’ve been through the article twice, but I can’t seem to see anywhere how much traffic can this thing haul? One reason I can think of for buyng a 6-port machine is to avoid having an extra switch. Now, I don’t expect it to hold 30Gbps sustained traffic, but still, how much can it hold?


Please enter your comment!
Please enter your name here

This site uses Akismet to reduce spam. Learn how your comment data is processed.